ACS常用操作(实战)
备份============================
acs/admin#acs backup acs repository acsre 常用
恢复,其过程会停用服务,初始化时间较长
acs restore *.gpg repository acsre
===============================================================
backup / restore 备份恢复所有内容,会停用服务,还原会重启服务器
acs-ms/admin# backup ftp repository ppp ----------------备份所有数据
% backup in progress: Starting Backup...10% completed
% Creating backup with timestamped filename: ftp-160415-0138.tar.gpg
Please enter backup encryption password [8-32 chars]:
Please enter the password again:
% backup in progress: Backing up ADEOS configuration...55% completed
Calculating disk size for /opt/backup/backup-ftp-1460684335
Total size of backup files are 16 M.
Max Size defined for backup files are 3880 M.
% backup in progress: Moving Backup file to the repository...75% completed
% backup in progress: Completing Backup...100% completed
acs-main/admin# debug transfer 7 **************排障常用
acs-main/admin# debug copy 7
acs-main/admin# acs backup adconfig repository ftp --------------------------备份应用数据
6 [7102]: transfer: cars_xfer.c[108] [admin]: ftp copy out of /opt/backup/backup-adconfig-160518-1708-1463562496/adconfig-160518-1708.tar.gpg requested
6 [7102]: transfer: cars_xfer_util.c[586] [admin]: curl version: libcurl/7.16.2 OpenSSL/0.9.7a zlib/1.2.1.2 libidn/0.5.6
7 [7102]: transfer: cars_xfer_util.c[598] [admin]: full url is ftp://192.168.159.1/adconfig-160518-1708.tar.gpg
ACS backup file 'adconfig-160518-1708.tar.gpg' successfully copied to repository 'ftp'
文件名自动加日间标记
acs backup xx rep ftp /注意用FTP备份超32M的数据,否则可能出现传输错误。
acs-ms/admin# show backup history 查看备份历史
acs-ms/admin# show restore history 查看还原历史
reload 重启ACS服务器
F12 进入引导菜单
mkdir disk:/backup
dir **************查看文件目录
show disks *****************类linux ----- ls -l
show application status acs ********************查看应用服务状态
ACS role: PRIMARY
正常情况下为running
Process 'database' running
Process 'management' running
Process 'runtime' running
Process 'ntpd' running
Process 'view-database' running
Process 'view-jobmanager' running
Process 'view-alertmanager' running
Process 'view-collector' running
Process 'view-logprocessor' running
补丁安装 patch=======================================================================
acs patch install 5-3-0-40-xx.tar.gpg repository repository-name
acs-sec/admin# acs patch install 5-3-0-40-xx.tar.gpg repository ftp
Installing ACS patch requires a restart of ACS services. Continue? (yes/no) yes
Stopping ACS.
Stopping Management and View...............................................................
Stopping Runtime......
Stopping Database....
Cleanup.....
Stopping log forwarding .....
Installing patch version '5.3.0.40.xx'
Installing ADE-OS 2.0 patch. Please wait...
About to install files
Removing old war
Removing old war
Removing old war
Removing old war
Removing old war
Removing old war
Removing old war
Removing old war
monit daemon with pid [4812] killed
.Starting monit daemon with http interface at [localhost:2812]
This patch includes security fixes which requires ACS server reboot. It is highly recommended to proceed with reboot
Do you want to reboot the server ? Y/N: y
You have choosen to reboot the server, Rebooting ...
Broadcast message from root (pts/0) (Thu May 19 16:40:37 2016):
The system is going down for reboot NOW!
/opt/CSCOacs/patches/5-3-0-40-xx
Patch '5-3-0-40-10' version '5.3.0.40.10' successfully installed
ACS is already running.
Upgrading an ACS Deployment from 5.3 to 5.5===========================
Note When you upgrade from ACS 5.3 to ACS 5.5 using the "Reimaging and Upgrading an ACS Server method,
you must install patch 8 or a subsequent patch before you start upgrading to ACS 5.5.
Note When you upgrade from ACS 5.3 to 5.5 using the "Upgrading an ACS server using the ApplicationUpgrade Bundle" method,
it is mandatory to install the following patches one by one in the order specified:
1 Install ACS 5.3 patch 8 (ACS 5.3.0.40.8) or a subsequent patch. You need to install patch 8 or a subsequent patch prior to the upgrade or the upgrade may fail.
2 Install the "Pointed-PreUpgrade-CSCum04132-5.3.0.40" patch over patch 8 or a subsequent patch before you start upgrading from ACS 5.3 version.
bugs: https://bst.cloudapps.cisco.com/bugsearch/bug/CSCum04132/?referring_site=bugquickviewredir
升级后可能出现的问题ssh不了,
建议操作在console操作升级,如果出现则打最新补丁,在console下操作,关闭sshd服务 这个方法不一定可行。
==========================================================================================
4.upgrade 注意文件名以.tar.gz结尾---!!
application upgrade ACS_5.3.tar.gz repository-name =====注意操作完不要按任何按键等待重启
ACS displays the following confirmation message:
Do you want to save the current configuration? (yes/no) [yes]?
Step 3 Enter yes .
When the ACS upgrade is complete, the following message appears:
% CARS Install application required post install reboot...
The system is going down for reboot NOW!
Application upgrade successful
from the Monitoring and Report Viewer, choose Monitoring Configuration > System Operations > Data Upgrade Status .
The Data Upgrade Status page appears, indicating the status of the Monitoring and Report Viewer data upgrade.
When the database upgrade completes, ACS displays the following message:
Upgrade completed successfully. 升级完后确认这个状态为升级成功!
查看日志
show logg app
acsLogForward.log
acsupgrade.log.1
show acs-log filename xxx 对应日志文件名,查看详细日志内容
show tech 升级前查看空间大小 /storeddata 这个空间是否够解压升级包
show version 查看版本信息
acs5.5以上,cli密码限制在8位或以上。
ACS 默认密码策略
password-policy
lower-case-required
upper-case-required
digit-required
no-username
disable-cisco-passwords
min-password-length 6 长度
password-lock-enabled 默认锁定10分钟
password-lock-retry-count 5 次数
acs-sec/admin# acs reset-config 5.3需要重置才能改序列号,5.5后可以不用重置
This command deletes the current ACS configuration
and resets the ACS configuration to factory defaults.
Cisco recommends that you perform a backup before you execute this command.
Are you sure you want to reset the configuration now? (yes/no) yes
Stopping ACS.
Stopping Management and View......................
Stopping Runtime..................
Stopping Database....
Stopping Ntpd...
Cleanup...
Resetting configuration to factory defaults.
Starting ACS ....
To verify that ACS processes are running, use the
'show application status acs' command.
Secure Access Control System (ACS 5.x and later) Troubleshooting
http://www.cisco.com/c/en/us/support/docs/security/secure-access-control-system/113485-acs5x-tshoot.html
ACS 5.2/5.3 backup & restore
http://www.cisco.com/c/en/us/support/docs/security/secure-access-control-system/113639-ptn-113639.html
5.3 to 5.5 Manifest file not found in the bundle问题解决方案
http://www.cisco.com/c/en/us/support/docs/security/secure-access-control-system/200333-Troubleshoot-Manifest-file-not-found-Err.html#anc6
补丁包下载
https://software.cisco.com/download/release.html?mdfid=283883841&release=5.3.0.40&softwareid=282766937
链接官方网站全有。
